
They Definitely Spammed the Wrong Guy


Chris Larsen

May 26, 2013

Last Friday (5/24), as I was packing for a trip, I took a quick look at the in-box for my Blue Coat e-mail account. There was one from a name I didn't recognize, with a subject line of "Successful Business". It was a spam:

(It was interesting that they didn't have the person's name match the e-mail address more closely. Even if the e-mail content wasn't a dead giveaway, this by itself would have raised a yellow flag.)

Things got even more interesting when I began highlighting the spam URL, so I could check it out in our database, and accidentally dragged the mouse too far. Lo and behold, there was more to this spam than met the eye: a huge block of invisible white-on-white text, designed to confuse spam filters:

(It actually went on for a lot longer than this, but this is enough to give you an idea of how it was constructed.)
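The invisible-text padding described above can be flagged mechanically. The following is an added example, not code from the original post or from Blue Coat: it measures how much of an HTML body is text whose foreground colour equals its background, which generalises white-on-white to any matching pair. The sample message, the function names and the black-on-white defaults are assumptions.

```python
import re
from html.parser import HTMLParser

NAMED = {"white": "#ffffff", "black": "#000000"}

def norm(color):  # lowercase #rrggbb where possible
    c = color.strip().lower()
    c = NAMED.get(c, c)
    if re.fullmatch(r"#[0-9a-f]{3}", c):
        c = "#" + "".join(ch * 2 for ch in c[1:])
    return c

class HiddenTextFinder(HTMLParser):
    """Sorts text runs into visible and hidden (foreground == background)."""
    def __init__(self):
        super().__init__()
        self.stack = [("root", "#000000", "#ffffff")]  # assumed client defaults
        self.visible, self.hidden = [], []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        _, fg, bg = self.stack[-1]  # colours inherit from the parent element
        style = a.get("style") or ""
        m = re.search(r"(?<![-\w])color\s*:\s*([^;!]+)", style, re.I)
        fg = norm(m.group(1) if m else a.get("color") or fg)
        m = re.search(r"background(?:-color)?\s*:\s*([^;!\s]+)", style, re.I)
        bg = norm(m.group(1) if m else a.get("bgcolor") or bg)
        self.stack.append((tag, fg, bg))
    def handle_endtag(self, tag):
        for i in range(len(self.stack) - 1, 0, -1):  # also drops unclosed children
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break
    def handle_data(self, data):
        _, fg, bg = self.stack[-1]
        if data.strip():
            (self.hidden if fg == bg else self.visible).append(data.strip())

def hidden_ratio(html):
    """Return (share of text characters that are invisible, hidden runs)."""
    p = HiddenTextFinder()
    p.feed(html)
    p.close()
    h, v = sum(map(len, p.hidden)), sum(map(len, p.visible))
    return (h / (h + v) if h + v else 0.0), p.hidden

# Constructed sample, not the message from the post.
SAMPLE = ('<body bgcolor="#FFFFFF"><p>Work from home: <a href="http://spam.example/">go</a></p>'
          '<font color="#fff">weather garden invoice holiday recipe</font>'
          '<div style="color:white">notes from the committee</div></body>')
```

A high ratio is one signal to combine with others, since legitimate mail can carry a small amount of hidden preheader text.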

Normally, spammers demonstrate a little more common sense than to send spam right to my Blue Coat e-mail. This is the equivalent of a bank robber mistaking a police station for a bank, and walking in to announce a hold-up.

However, I didn't get the satisfaction of personally flagging the target domain (JobsFromHomeBizBlog.com), since WebPulse's SpamNet Tracker had already taken care of that for me.

Our logs showed two hits for JobsFromHomeBizBlog.com, newly rolled out that day as the next domain in the on-going spam campaign. Both requests had been flagged as Suspicious in real-time, since the server hosting these sites had been identified over a week earlier (on 5/17, so this was a negative-seven-day block).

The current host IP address is 188.190.118.13, which is the fourth one we've seen used by this spam campaign.

Other recent domains used by this spammer include:

thebesthomebizblog.com

workfromhomebizblog.com

myonlineworkfromhome.com

myjobhomebizblog.com

workathomejobsreports.com

Which makes me wonder: If there's a better "home biz" than spamming, why doesn't this guy stop spamming, and just do that job instead? (Especially if he's dumb enough to spam Blue Coat directly...)